The new namespace configuration for spring security is awesome. However, I wonder if it might be possible to add a feature that would also allow to define the RoleVoter’s rolePrefix through Spring’s XML namespaces.

Right now I need to do define 2 beans the ‘traditional way’ in order to define the roleVoter e.g.:

…

…

This is a rather minor issue but I if there is any further simplification possible in that regard, that would be great. This issue was also discussed here on the forum:

http://forum.springframework.org/showthread.php?p=178371

This comment has been minimized.

I’m inclined to say that this is a “won’t fix” for the time being, largely because there isn’t an obvious place to put the information – the concept of a role prefix is pretty much specific to the RoleVoter and there isn’t currently any part of the namespace which is specific to RoleVoter or indeed for configuring an AccessDecisionManager. We could provide a reduced syntax for this but it would really just be a shorthand for the bean configuration – it doesn’t take much traditional bean configuration to add an AccessDecisionManager. It would just be something like

I would like to look into a more generalized syntax for mapping the loading of attributes from storage and their use in the framework, since this is rather arbitrarily spread amongst the data loading classes – this would cover not just whether a prefix should be added, but also whether the values should be converted to upper case etc.

This comment has been minimized.

As explained, it wouldn’t be a good idea to allow the RoleVoter prefix to be set through the namespace as the syntax would be somewhat artificial (and would be confusing if an external AccessDecisionManager was configured). The overall strategy needs more thought.

This comment has been minimized.

The approach to configure items not in the namespace is to use a BeanPostProcessor as described in the FAQ. I do not really see this getting added to the namespace configuration as it is a less commonly used configuration. Adding less common configuration options to the namespace will lead to making it just as complex as the standard configuration.